
Pondering and Patrolling Perimeters


Presentation Transcript


  1. Pondering and Patrolling Perimeters Bill Cheswick ches@lumeta.com http://www.lumeta.com

  2. Perimeter defenses are a traditional means of protecting an area without hardening each of the things in that area

  3. Why use a perimeter defense?
  • It is cheaper
  • A man’s home is his castle, but most people can’t afford the moat
  • You can concentrate your equipment and your expertise in a few areas
  • It is simpler, and simpler security is usually better
    • Easier to understand and audit
    • Easier to spot broken parts

  4. Perimeter Defense of the US Capitol Building

  5. Flower pots

  6. Security doesn’t have to be ugly

  7. Delta barriers

  8. Parliament: entrance

  9. Parliament: exit

  10. What’s wrong with perimeter defenses • They are useless against insider attacks

  11. Edinburgh Castle
  • fell through a hole in its perimeter
  • fell to siege in three years in 16th century
  • ran out of food and water
  • Unsuccessful attack by Bonnie Prince Charlie in 1745
  • Devastated in 1544 by the Earl of Hertford

  12. What’s wrong with perimeter defenses
  • They are useless against insider attacks
  • They provide a false sense of security
  • You still need to toughen up the inside, at least some
  • You need to hire enough defenders

  13. What’s wrong with perimeter defenses
  • They are useless against insider attacks
  • They provide a false sense of security
  • You still need to toughen up the inside, at least some
  • They don’t scale well

  14. The Pretty Good Wall of China

  15. Can we live without an intranet? Strong host security

  16. I can, but you probably can’t
  • “Skinny-dipping” on the Internet since the mid 1990s
  • The exposure focuses one clearly on the threats and proactive security
  • It’s very convenient, for the services I dare to use
  • Many important network services are difficult to harden

  17. Skinny dipping rules
  • Only minimal services are offered to the general public
    • Ssh
    • Web server (jailed Apache)
    • DNS (self chrooted)
    • SMTP (postfix, not sendmail)
  • Children (like employees) and MSFT clients are untrustworthy
  • Offer hardened local services at home, like SAMBA (chroot), POP3 (chroot)
  • I’d like to offer other services, but they are hard to secure

  18. Skinny dipping requires strong host security
  • FreeBSD and Linux machines
  • I am told that one can lock down an MSFT host, but there are hundreds of steps, and I don’t know how to do it.
  • This isn’t just about operating systems: the most popular client applications are, in theory, very dangerous and, in practice, very dangerous.
  • Web browsers and mail readers have many dangerous features

  19. Lately, I have been cheating
  • Backup hosts are unreachable from the Internet (which is a perimeter defense of sorts), and do not trust the exposed hosts
  • Public servers have lower privilege than my crown jewels
  • This means I can experiment a bit more with the exposed hosts

  20. Skinny dipping flaws • Less depth to the defense

  21. Skinny dipping flaws
  • Less defense in depth
  • No protection from denial-of-service attacks

  22. Hopes for Microsoft client security? • I’ll talk about it at the end of the talk.

  23. Intranets Networked perimeter defenses

  24. “Anything large enough to be called an ‘intranet’ is out of control” - me

  25. Intranets have been out of control since they were invented
  • This is not the fault of network administrators
  • The technology is amenable to abuse
  • Decentralization was a design goal of the Internet
  • CIO and CSOs want centralized control of their network
  • The legacy information is lost with rapid employee turnover
  • M&A breaks carefully-planned networking

  26. Perimeter security gives a false sense of security
  • “Crunchy outside, and a soft, chewy center” - me
  • I think 40 hosts is about the most that I can control within a perimeter.
    • Others can probably do better
  • Internet worms are pop quizzes on perimeter security

  27. Intranets: the rest of the Internet

  28. History of the Project and Lumeta
  • Started in August 1998 at Bell Labs
  • April-June 1999: Yugoslavia mapping
  • July 2000: first customer intranet scanned
  • Sept. 2000: spun off Lumeta from Lucent/Bell Labs
  • June 2002: “B” round funding completed
  • 2003: sales >$4MM
  • After three years of a service offering, we built IPSonar so you can run it yourself.

  29. This was Supposed To be a VPN

  30. This is useful, but can we find hosts that have access across the perimeter?

  31. Leaks
  • We call the leaks shown in the maps “routing leaks”
  • Can we find hosts that don’t forward packets, but straddle the perimeter?
  • Yes: we call them “host leaks”, and detecting them is Lumeta’s “special sauce”

  32. How to find host leaks
  • Run a census with ICMP and/or UDP packets
  • Test each machine to see if it can receive a probe from one network, and reply on another
  • Not just dual-homed hosts
    • DMZ hosts, business partner machines, misconfigured VPN access
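The host-leak test of slides 31 and 32 comes down to correlating two records: what the census sent from one side of the perimeter, and where each reply was observed. The following is an added example (not Lumeta's or IPSonar's code) that does that correlation over two constructed logs; the log format, the `probe=` ids and the `intranet`/`internet` side labels are assumptions made for the illustration.

```python
"""Correlate probes sent on one network with replies seen on another.

A host that accepts a probe on the intranet side but answers on the
Internet side straddles the perimeter: that is the "host leak" of slide 31.
Both logs below are constructed for this example; the key=value format is
an assumption, not any real scanner's output.
"""

# Constructed: probes the census scanner sent, and the side it sent them from.
SENT_LOG = """\
probe=101 target=10.1.4.7 sent_from=intranet
probe=102 target=10.1.4.8 sent_from=intranet
probe=103 target=10.1.9.20 sent_from=intranet
probe=104 target=10.1.9.21 sent_from=intranet
"""

# Constructed: replies observed by collectors, tagged with the side they arrived on.
REPLY_LOG = """\
probe=101 from=10.1.4.7 seen_on=intranet
probe=102 from=10.1.4.8 seen_on=internet
probe=103 from=10.1.9.20 seen_on=internet
probe=103 from=10.1.9.20 seen_on=intranet
"""


def parse(log):
    """Turn 'k=v k=v ...' lines into a list of dicts."""
    return [dict(kv.split("=", 1) for kv in line.split())
            for line in log.splitlines() if line.strip()]


def find_host_leaks(sent_log, reply_log):
    """Map each leaking host to the sorted list of sides on which it replied
    to a probe that was sent from a different side."""
    sent = {r["probe"]: r for r in parse(sent_log)}
    leaks = {}
    for reply in parse(reply_log):
        probe = sent.get(reply["probe"])
        if probe is None:  # stray reply with no matching probe: ignore it
            continue
        if reply["seen_on"] != probe["sent_from"]:
            leaks.setdefault(probe["target"], set()).add(reply["seen_on"])
    return {host: sorted(sides) for host, sides in leaks.items()}


def unanswered(sent_log, reply_log):
    """Targets that never replied on any side: a census gap, not a leak."""
    answered = {r["probe"] for r in parse(reply_log)}
    return sorted(r["target"] for r in parse(sent_log) if r["probe"] not in answered)
```

A host that answers on both sides (10.1.9.20 above) is still reported, because one reply crossed the perimeter; the unanswered list keeps silent hosts separate so they are re-probed rather than mistaken for leaks.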
